Effective Date: 07-23-2025 Last Reviewed: 07-23-2025
Great American Law Firm, PLLC (“Great American,” “we,” “us,” or “our”) respects your privacy and is committed to safeguarding personal information. This Privacy Policy describes how we collect, use, disclose, and secure data when you visit https://www.greatamericanlawfirm.com (the “Site”) or engage our legal services.
The Site is built on WordPress using Elementor visual builder and hosted by Hostinger (data centers in the United States and European Union). By accessing the Site, you agree to the practices described below and any additional notices displayed to you.
Key Laws Covered
• GDPR / UK GDPR • CCPA & CPRA (California) • CalOPPA • CAN-SPAM
• Sector guidance from the American Bar Association and Florida Bar
| Term | Meaning |
|---|---|
| Personal Data | Any information that identifies, relates to, describes, or can reasonably be linked to an individual. |
| Processing | Any operation performed on Personal Data (collection, storage, deletion, etc.). |
| Controller | The entity that determines the purposes and means of Processing Personal Data. Great American is the Controller of data collected via this Site. |
| Service Provider / Processor | A third party that Processes data on our behalf (e.g., Hostinger, Google). |
| Category | Examples | Collection Method |
|---|---|---|
| Information you provide | Name, email, phone, case details, uploaded documents | Contact forms, consultation requests, newsletter sign-up |
| Automatic log data | IP address, device ID, browser type, referring URL, pages viewed, time/date | WordPress core, Hostinger server logs |
| Usage analytics | Scroll depth, click events, session length | Google Analytics 4, Consent-mode enabled |
| Cookies & similar tech | Session cookies, Elementor page-builder cookies, cookieyes-consent banner cookie |
Set on first visit; non-essential cookies only after consent |
| Email engagement | Opens, link clicks, location by IP | MailerLite email platform (only when you subscribe) |
We do not intentionally collect special categories of data (e.g., health, race, biometric) via the Site.
Clients who later retain us may share sensitive legal data through secure client portals or encrypted email under separate engagement terms.
| Purpose | Legal Basis (GDPR) | CCPA Category |
|---|---|---|
| Respond to inquiries / schedule consultations | Art. 6 (1)(b) – Contract | “Identifiers”, “Professional Information” |
| Send newsletters & legal updates (opt-in) | Art. 6 (1)(a) – Consent | Same as above |
| Improve Site functionality & security | Art. 6 (1)(f) – Legitimate interest | “Internet Activity” |
| Comply with legal / ethical obligations (e.g., KYC, court orders) | Art. 6 (1)(c) – Legal obligation | “Legal Compliance Data” |
We never sell Personal Data and do not share it for cross-context behavioral advertising.
We use three classes of cookies:
Strictly Necessary – WordPress session ID, security & load-balancer cookies (cannot be disabled).
Functional – Elementor preferences (elementor), CookieYes banner (cookieyes-consent).
Analytics / Performance – Google Analytics 4 (_ga, _gid, _ga_<container>).
Loaded only after consent for EU/UK visitors.
Disable non-essential cookies any time via our “Cookie Settings” link in the footer or adjust your browser settings.
We share data only with vetted Service Providers under written agreements:
| Provider | Role | Safeguards |
|---|---|---|
| Hostinger | Web & email hosting | Data Processing Addendum (DPA), ISO 27001 |
| Google LLC | Analytics, reCAPTCHA (spam prevention) | Standard Contractual Clauses (SCCs) |
| MailerLite | Email newsletter service | GDPR-compliant DPA, EU data centers |
| Microsoft 365 | Encrypted email & document storage | SCCs / UK Addendum |
We may also disclose data to competent authorities if required by law, court order, or ethical rules.
| Data Type | Retention Period |
|---|---|
| Contact form submissions | 24 months, then securely deleted |
| Newsletter email lists | Until you unsubscribe or 24 months of inactivity |
| Analytics data (GA4) | 14 months, aggregated thereafter |
| Client matter files | Per Florida Bar rules (typically 6 years) |
HTTPS/TLS 1.3 encryption site-wide
Web-application firewall & malware scans (Hostinger)
Principle-of-least-privilege for WordPress admins; 2-FA enabled
Daily off-site backups; backup retention 30 days
Annual penetration testing and plugin/theme patching
Our primary servers are in the USA. If you access the Site from the EEA/UK, your data may be transferred outside your jurisdiction. Transfers rely on:
Standard Contractual Clauses (SCCs) adopted by the European Commission; or
UK Addendum to SCCs; or
Adequacy decisions where applicable.
You may: (a) request a report of Personal Data we hold, (b) ask us to delete it, (c) correct inaccuracies, and (d) limit use of sensitive data (we do not process sensitive data for advertising). To exercise rights, email privacy@greatamericanlawfirm.com or call +1 407-929-9292. We will verify identity via two reliable data points.
You may: access, rectify, erase, restrict, object to Processing, or obtain data portability. You may also lodge a complaint with your local Data Protection Authority (DPA).
Every newsletter contains an “Unsubscribe” link and we honor opt-out requests within 10 business days.
The Site is not directed to anyone under 13 years of age. We do not knowingly collect Personal Data from children. If you believe we have, contact us for prompt deletion.
Our Site currently does not respond to browser “DNT” signals. You can control tracking through our cookie banner and browser settings.
We do not engage in automated decision-making or profiling that produces legal or similarly significant effects.
We may revise this Policy periodically to reflect legal, technical, or business changes. Material changes will be announced via a site-wide banner or direct email (if applicable) 30 days before they take effect.
Data Protection Contact / DPO:
Yaritssa Plasencia, Esq.
privacy@greatamericanlawfirm.com | +1 407-929-9292
100 Frandorson Circle, Suite 202C, Apollo Beach, FL 33572, USA
